Gartner Says By 2023, 65% of the World’s Population Will Have Its Personal Data Covered Under Modern Privacy Regulations
At its virtual summit this week, the Gartner Group is predicting that by 2023, 65% of the world’s population will have its personal data covered under modern privacy regulations. Analysts expect that, driven by regulations based on or similar to GDPR, organizations will achieve a “trusted status” in three stages. In the “establish” stage, the privacy program includes foundational privacy management capabilities; in the “maintain” stage, organizations will scale privacy management with augmented breach incident responses and automation of privacy impact assessments; in the “evolve” stage, they will leverage specialist tools to reduce privacy risk without impacting data utility, such as enabling the extraction of consumer insights from large data pools without increasing privacy risk.
In response, two Stealthbits data security, privacy and governance experts offer comments.
Adam Laub, General Manager, Stealthbits Technologies:
“It may not appear so on the surface, but like so many things, Data Privacy is ultimately driven by money. Interestingly, however, money can be both the stick and the carrot as it pertains to Data Privacy. As Gartner’s Nader Henein noted, establishing privacy regulations on par with the EU’s GDPR opens up the door for countries and the companies within them to do business on a broader scale because of their “trusted status”. In other words, access to other markets will ultimately depend on a country’s and company’s alignment with and adherence to globally accepted privacy best practices. When coupled with rising trends in data security as a competitive differentiator, it’s not hard to see things may finally be moving in the right direction for a world struggling to fend off advanced adversaries and a seemingly never-ending barrage of data breach events.”
Dan Piazza, Technical Product Manager, Stealthbits Technologies:
“It’s exciting to see data privacy regulations evolve at such a rapid pace. What was once an afterthought is becoming an integral part of operations and planning for organizations that handle personally identifiable information (PII). The EU’s GDPR is still the gold standard, with regulations like CCPA in California and LGPD in Brazil following closely behind. One can also assume more states across the US will follow the CCPA’s lead, and eventually we may have sweeping federal data privacy regulations. What’s clear is that globally we’re taking incredible steps in the right direction for data privacy and consumer rights, and organizations need to be prepared with “privacy by design” initiatives. This means data privacy and PII need to be front-of-mind when designing new software, storage architecture, cloud data repositories, databases, data lakes, and any other technology that may house, transport, or process PII. Furthermore, organizations need to make sure they’re prepared to respond to Data Subject Access Requests (DSARs), or otherwise face stiff fines per existing and soon-to-be data privacy regulations. To put it simply, all organizations need to audit their data workflows and ensure the security of PII as a top priority. It’s a never-ending process, and constant observation and maintenance of data privacy workflows are now essential day-to-day processes.”